6 Replies · Latest reply on Dec 11, 2017 12:46 PM by Dave Smith

    Does anyone have a good resource on how to _ USE _ ServiceNow's Security Incident Response?

      I have found plenty of resources on how to setup and configure Security Incident Response, but I haven't found anything good on how to _use_ it. I'm looking for a walk-through that my Analysts and I can watch to give us an idea of the workflow that we should use day to day.


      Before you say, "it depends on the workflow that you create in Workflow Editor," you should know that's specifically why I am asking.


      Step 1 in the workflow that I am working on is a task to ensure that the CIs are correct and complete. When they begin to work on that Security Incident Task (SIT) they are actually updating the CIs of the SIT not that of the SIR, and the SIT CIs don't seem to "roll-up" to the SIR.


      Another closely related example is:


      What is the relationship between the single CI field at the top of a SIR to the multi-select CIs list at the bottom? When should one be used over the other?


      Let me know if you have any suggestions of walk-through training resources, or these specific questions.